What is SafetyNet?

SafetyNet is an API that was developed by Google in order to detect whether or not a device is in a known-good state. On older devices, this check is more lenient in order to maintain compatibility.

How does this affect you?

App developers can choose to enable a toggle in the app developer console to hide their app on the Play Store if a device doesn’t pass SafetyNet tests, or can choose to check the SafetyNet status of a device to disable certain functionality. Notable examples would be Netflix, which is hidden on the Play Store, and Android Pay, which checks SafetyNet each time the app is used. Devices running Lineage may have a smaller selection of usable apps in the Play Store as a result of these checks.

What are we going to do about it?

Our official stance is that we will not intentionally circumvent an integrity check that Google has put in place for app developers. Any action taken to bypass SafetyNet risks a backlash against all custom OSes, and could cause Google to block them entirely from the Play Store. We have always taken the approach that our customizations should not change the underlying Android architecture in ways that developers cannot predict.

What can you do about it?

For apps that are no longer visible in the Play Store, you can pursue alternative methods of app installation. For apps that inhibit functionality, you can always install your device’s stock software and relock your bootloader.

The LineageOS Team

Why SafetyNet Is Good for Rooters & Modders

Everything we've talked about so far sounds like a great deal for enterprise, banking, and DRM apps — but what about those of us who mainly choose Android over iOS because of the customization options root provides? On the surface, it definitely seems like we're getting shafted since we can no longer access several apps, but if you dig a bit deeper, you'll realize this whole SafetyNet approach actually shows that Google genuinely cares about us.

Most root methods utilize Fastboot to flash or boot a custom recovery image, which then allows you to install root binaries on your phone. This isn't exploiting some security loophole, either — Fastboot is actually provided by Google for the explicit purpose of flashing or booting from image files. Even when Google made some changes that would've otherwise broken Fastboot flashing, they made sure to go back and add an option to Android's Settings menu that outright allows you to enable these features by simply ticking a box (OEM unlocking).Yes, it's really this simple to enable Fastboot flashing (and thus, root) on Android.

So when it comes to SafetyNet's API that lets apps know if your firmware is modified, Google had a much easier option that they declined to exercise: Just remove Fastboot and the OEM unlocking setting. If they had done that, we would've only had kernel exploits to turn to if we wanted to root — in other words, rooting would have to take place within Android instead of Fastboot or recovery mode.

This would have put us in a similar position to jailbreakers on iOS lately, in that root methods would get shut down just as quickly as they popped up. In the same way that Apple doesn't have a system similar to SafetyNet, Google would have never needed to create SafetyNet if they had gone this route, as it would have been safe for enterprise, DRM, and banking apps to assume that Android users weren't rooted.

Yet, Google indeed spent countless man-hours and millions of dollars creating SafetyNet — why? Because they understand that root is important to many of their users, and they wanted to give us an option: Either keep your device stock and maintain the ability to use apps that rely on SafetyNet, or go ahead and root, but know that you'll lose access to some apps.

Google has since gone on to apply more restrictions to SafetyNet — most recently, they're now allowing app developers to hide their apps on the Play Store if your device fails SafetyNet's attestation check. While this may give you a feeling that they're tightening the screws, know that they're doing it for a good reason: To keep app makers happy without taking away our ability to root.

Oh, and by the way — because we still have access to Fastboot flashing and custom recovery images, Android's development community has already found a way to bypass SafetyNet while being rooted. Check it out at the following link, and make sure to share your thoughts on SafetyNet in the comment section below.